329 research outputs found

    Wormhole Attack Detection Algorithms in Wireless Network Coding Systems

    Get PDF
    Network coding has been shown to be an effective approach to improve the wireless system performance. However, many security issues impede its wide deployment in practice. Besides the well-studied pollution attacks, there is another severe threat, that of wormhole attacks, which undermines the performance gain of network coding. Since the underlying characteristics of network coding systems are distinctly different from traditional wireless networks, the impact of wormhole attacks and countermeasures are generally unknown. In this thesis, we quantify wormholes' devastating harmful impact on network coding system performance through experiments. Firstly, we propose a centralized algorithm to detect wormholes and show its correctness rigorously. For the distributed wireless network, we propose DAWN, a Distributed detection Algorithm against Wormhole in wireless Network coding systems, by exploring the change of the flow directions of the innovative packets caused by wormholes. We rigorously prove that DAWN guarantees a good lower bound of successful detection rate. We perform analysis on the resistance of DAWN against collusion attacks. We find that the robustness depends on the node density in the network, and prove a necessary condition to achieve collusion-resistance. DAWN does not rely on any location information, global synchronization assumptions or special hardware/middleware. It is only based on the local information that can be obtained from regular network coding protocols, and thus the overhead of our algorithms is tolerable. Extensive experimental results have verified the effectiveness and the efficiency of DAWN.Computer Scienc

    Secure location-aware communications in energy-constrained wireless networks

    Get PDF
    Wireless ad hoc network has enabled a variety of exciting civilian, industrial and military applications over the past few years. Among the many types of wireless ad hoc networks, Wireless Sensor Networks (WSNs) has gained popularity because of the technology development for manufacturing low-cost, low-power, multi-functional motes. Compared with traditional wireless network, location-aware communication is a very common communication pattern and is required by many applications in WSNs. For instance, in the geographical routing protocol, a sensor needs to know its own and its neighbors\u27 locations to forward a packet properly to the next hop. The application-aware communications are vulnerable to many malicious attacks, ranging from passive eavesdropping to active spoofing, jamming, replaying, etc. Although research efforts have been devoted to secure communications in general, the properties of energy-constrained networks pose new technical challenges: First, the communicating nodes in the network are always unattended for long periods without physical maintenance, which makes their energy a premier resource. Second, the wireless devices usually have very limited hardware resources such as memory, computation capacity and communication range. Third, the number of nodes can be potentially of very high magnitude. Therefore, it is infeasible to utilize existing secure algorithms designed for conventional wireless networks, and innovative mechanisms should be designed in a way that can conserve power consumption, use inexpensive hardware and lightweight protocols, and accommodate with the scalability of the network. In this research, we aim at constructing a secure location-aware communication system for energy-constrained wireless network, and we take wireless sensor network as a concrete research scenario. Particularly, we identify three important problems as our research targets: (1) providing correct location estimations for sensors in presence of wormhole attacks and pollution attacks, (2) detecting location anomalies according to the application-specific requirements of the verification accuracy, and (3) preventing information leakage to eavesdroppers when using network coding for multicasting location information. Our contributions of the research are as follows: First, we propose two schemes to improve the availability and accuracy of location information of nodes. Then, we study monitoring and detection techniques and propose three lightweight schemes to detect location anomalies. Finally, we propose two network coding schemes which can effectively prevent information leakage to eavesdroppers. Simulation results demonstrate the effectiveness of our schemes in enhancing security of the system. Compared to previous works, our schemes are more lightweight in terms of hardware cost, computation overhead and communication consumptions, and thus are suitable for energy-constrained wireless networks

    Security and Privacy Issues in Wireless Mesh Networks: A Survey

    Full text link
    This book chapter identifies various security threats in wireless mesh network (WMN). Keeping in mind the critical requirement of security and user privacy in WMNs, this chapter provides a comprehensive overview of various possible attacks on different layers of the communication protocol stack for WMNs and their corresponding defense mechanisms. First, it identifies the security vulnerabilities in the physical, link, network, transport, application layers. Furthermore, various possible attacks on the key management protocols, user authentication and access control protocols, and user privacy preservation protocols are presented. After enumerating various possible attacks, the chapter provides a detailed discussion on various existing security mechanisms and protocols to defend against and wherever possible prevent the possible attacks. Comparative analyses are also presented on the security schemes with regards to the cryptographic schemes used, key management strategies deployed, use of any trusted third party, computation and communication overhead involved etc. The chapter then presents a brief discussion on various trust management approaches for WMNs since trust and reputation-based schemes are increasingly becoming popular for enforcing security in wireless networks. A number of open problems in security and privacy issues for WMNs are subsequently discussed before the chapter is finally concluded.Comment: 62 pages, 12 figures, 6 tables. This chapter is an extension of the author's previous submission in arXiv submission: arXiv:1102.1226. There are some text overlaps with the previous submissio

    Secure Routing in Wireless Mesh Networks

    Get PDF
    Wireless mesh networks (WMNs) have emerged as a promising concept to meet the challenges in next-generation networks such as providing flexible, adaptive, and reconfigurable architecture while offering cost-effective solutions to the service providers. Unlike traditional Wi-Fi networks, with each access point (AP) connected to the wired network, in WMNs only a subset of the APs are required to be connected to the wired network. The APs that are connected to the wired network are called the Internet gateways (IGWs), while the APs that do not have wired connections are called the mesh routers (MRs). The MRs are connected to the IGWs using multi-hop communication. The IGWs provide access to conventional clients and interconnect ad hoc, sensor, cellular, and other networks to the Internet. However, most of the existing routing protocols for WMNs are extensions of protocols originally designed for mobile ad hoc networks (MANETs) and thus they perform sub-optimally. Moreover, most routing protocols for WMNs are designed without security issues in mind, where the nodes are all assumed to be honest. In practical deployment scenarios, this assumption does not hold. This chapter provides a comprehensive overview of security issues in WMNs and then particularly focuses on secure routing in these networks. First, it identifies security vulnerabilities in the medium access control (MAC) and the network layers. Various possibilities of compromising data confidentiality, data integrity, replay attacks and offline cryptanalysis are also discussed. Then various types of attacks in the MAC and the network layers are discussed. After enumerating the various types of attacks on the MAC and the network layer, the chapter briefly discusses on some of the preventive mechanisms for these attacks.Comment: 44 pages, 17 figures, 5 table

    An Improved Wormhole Attack Detection and Prevention Method for Wireless Mesh Networks

    Get PDF
    Network coding has been shown to be an effective approach to improve the wireless system performance. However, many security issues impede its wide deployment in practice.Besides the well-studied pollution attacks, there is another severe threat, that of wormhole attacks, which undermines the performance gain of network coding. Since the underlying characteristics of network coding systems are distinctly different from traditional wireless networks, the impact of wormhole attacks and countermeasures are generally unknown. In this paper, we quantify wormholes� devastating harmful impact on network coding system performance through experiments. We first propose a centralized algorithm to detect wormholes and show its correctness rigorously. For the distributed wireless network, we propose DAWN, a Distributed detection Algorithm against Wormhole in wireless Network coding systems, by exploring the change of the flow directions of the innovative packets caused by wormholes. We rigorously prove that DAWN guarantees a good lower bound of successful detection rate. We perform analysis on the resistance of DAWN against collusion attacks.We find that the robustness depends on the node density in the network, and prove a necessary condition to achieve collusion-resistance. DAWN does not rely on any location information, global synchronization assumptions or special hardware/middleware. It is only based on the local information that can be obtained from regular network coding protocols, and thus the overhead of our algorithms is tolerable. Extensive experimental results have verified the effectiveness and the efficiency of DAWN

    Frequency Rendezvous and Physical Layer Network Coding for Distributed Wireless Networks

    Get PDF
    In this thesis, a transmission frequency rendezvous approach for secondary users deployed in decentralized dynamic spectrum access networks is proposed. Frequency rendezvous is a critical step in bootstrapping a wireless network that does not possess centralized control. Current techniques for enabling frequency rendezvous in decentralized dynamic spectrum access networks either require pre-existing infrastructure or use one of several simplifying assumptions regarding the architecture, such as the use of regularly spaced frequency channels for communications. Our proposed approach is designed to be operated in a strictly decentralized wireless networking environment, where no centralized control is present and the spectrum does not possess pre-defined channels. In our proposed rendezvous algorithm, the most important step is pilot tone detection and receiver query. In order to realize a shortest search time for the target receiver, an efficient scanning rule should be employed. In this thesis, three scanning rules are proposed and evaluated, namely: frequency sequence scanning, pilot tone strength scanning, and cluster scanning. To validate our result, we test our scanning rules with actual paging band spectrum measurements. Previous research on security of network coding focuses on the protection of data dissemination procedures and the detection of malicious activities such as pollusion attacks. The capabilities of network coding to detect other attacks has not been fully explored. In this thesis, a new mechanism based on physical layer network coding to detect wormhole attacks is proposed. When two signal sequences collide at the receiver, the difference between the two received sequences is determined by its distances to the senders. Therefore, by comparing the differences between the received sequences at two nodes, we can estimate the distance between them and detect those fake neighbor connections through wormholes. While the basic idea is clear, we design many schemes at both physical and network layers to turn the idea into a practical approach. Simulations using BPSK modulation at the physical layer show that the wireless nodes can effectively detect fake neighbor connections without the adoption of any special hardware on them

    Secure Platform Over Wireless Sensor Networks

    Get PDF
    Life sciences: general issue

    Cognitive Security Framework For Heterogeneous Sensor Network Using Swarm Intelligence

    Get PDF
    Rapid development of sensor technology has led to applications ranging from academic to military in a short time span. These tiny sensors are deployed in environments where security for data or hardware cannot be guaranteed. Due to resource constraints, traditional security schemes cannot be directly applied. Unfortunately, due to minimal or no communication security schemes, the data, link and the sensor node can be easily tampered by intruder attacks. This dissertation presents a security framework applied to a sensor network that can be managed by a cohesive sensor manager. A simple framework that can support security based on situation assessment is best suited for chaotic and harsh environments. The objective of this research is designing an evolutionary algorithm with controllable parameters to solve existing and new security threats in a heterogeneous communication network. An in-depth analysis of the different threats and the security measures applied considering the resource constrained network is explored. Any framework works best, if the correlated or orthogonal performance parameters are carefully considered based on system goals and functions. Hence, a trade-off between the different performance parameters based on weights from partially ordered sets is applied to satisfy application specific requirements and security measures. The proposed novel framework controls heterogeneous sensor network requirements,and balance the resources optimally and efficiently while communicating securely using a multi-objection function. In addition, the framework can measure the affect of single or combined denial of service attacks and also predict new attacks under both cooperative and non-cooperative sensor nodes. The cognitive intuition of the framework is evaluated under different simulated real time scenarios such as Health-care monitoring, Emergency Responder, VANET, Biometric security access system, and Battlefield monitoring. The proposed three-tiered Cognitive Security Framework is capable of performing situation assessment and performs the appropriate security measures to maintain reliability and security of the system. The first tier of the proposed framework, a crosslayer cognitive security protocol defends the communication link between nodes during denial-of-Service attacks by re-routing data through secure nodes. The cognitive nature of the protocol balances resources and security making optimal decisions to obtain reachable and reliable solutions. The versatility and robustness of the protocol is justified by the results obtained in simulating health-care and emergency responder applications under Sybil and Wormhole attacks. The protocol considers metrics from each layer of the network model to obtain an optimal and feasible resource efficient solution. In the second tier, the emergent behavior of the protocol is further extended to mine information from the nodes to defend the network against denial-of-service attack using Bayesian models. The jammer attack is considered the most vulnerable attack, and therefore simulated vehicular ad-hoc network is experimented with varied types of jammer. Classification of the jammer under various attack scenarios is formulated to predict the genuineness of the attacks on the sensor nodes using receiver operating characteristics. In addition to detecting the jammer attack, a simple technique of locating the jammer under cooperative nodes is implemented. This feature enables the network in isolating the jammer or the reputation of node is affected, thus removing the malicious node from participating in future routes. Finally, a intrusion detection system using `bait\u27 architecture is analyzed where resources is traded-off for the sake of security due to sensitivity of the application. The architecture strategically enables ant agents to detect and track the intruders threateningthe network. The proposed framework is evaluated based on accuracy and speed of intrusion detection before the network is compromised. This process of detecting the intrusion earlier helps learn future attacks, but also serves as a defense countermeasure. The simulated scenarios of this dissertation show that Cognitive Security Framework isbest suited for both homogeneous and heterogeneous sensor networks

    Data analytics methods for attack detection and localization in wireless networks

    Get PDF
    Wireless ad hoc network operates without any fixed infrastructure and centralized administration. It is a group of wirelessly connected nodes having the capability to work as host and router. Due to its features of open communication medium, dynamic changing topology, and cooperative algorithm, security is the primary concern when designing wireless networks. Compared to the traditional wired network, a clean division of layers may be sacrificed for performance in wireless ad hoc networks. As a result, they are vulnerable to various types of attacks at different layers of the protocol stack. In this paper, I present real-time series data analysis solutions to detect various attacks including in- band wormholes attack in the network layer, various MAC layer misbehaviors, and jamming attack in the physical layer. And, I also investigate the problem of node localization in wireless and sensor networks, where a total of n anchor nodes are used to determine the locations of other nodes based on the received signal strengths. A range-based machine learning algorithm is developed to tackle the challenges --Abstract, page iii
    corecore